Data Protection Policy

ACS is committed to protecting privacy and personal information. It is the intent of ACS to ensure that all personal data collected about ACO members, visitors, and other individuals is collected, stored, and processed in a secure, reliable process, in general accordance with the European Union General Data Protection Regulation (GDPR) or other instrument as determined by the Board of Trustees as a guide and following these general principles. As such, ACS will have in place practices, systems, and review mechanisms, as outlined in the GDPR or other relevant instrument, to ensure that the data is protected laws, best practices in data protection processes, and generally agreed-upon guidelines for effective data protection. The general guidelines for collecting data are that it is:

  1. Processed lawfully, fairly, and in a transparent manner.
  2. Collected for specified, explicit, and legitimate purposes.
  3. Adequate, relevant and limited to what is necessary to fulfill the purposes for which it is processed.
  4. Accurate and, where necessary, kept up to date.
  5. Kept for no longer than is necessary for the purposes for which it is processed.
  6. Processed in a way that ensures it is appropriately secure.
  7. Not shared with third parties unless with the approval of the concerned parties.
  8. Not shared or sold to third party vendors for commercial purposes.

Personal data is any piece of information that can identify a person, such as their name or address; sensitive personal data includes information about religious and political views, genetic data, and more.

**Adopted September 2018

Click here to download the Data Protection Policy.